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@ Transaction system comprising one or more iiost exchanges and a number of distributed terminal 
stations which can be coupled to any host exchange via a network system, concentrator and 
terminal station suitable for use in such a transaction system, and operator identification element 
for use in such a terminal station. 



® A transaction system comprises terminal stations 
which can communicate with a host exchange. In 
order to improve the communication, concentrators 
are anranged between the host exchange and the 
terminal stations. Given functions can be accom- 
modated with the concentrators so that they need 
not be provided in the temiinal station. The con- 
centrators as well as the terminal stations are pro- 
^vided with a security box in order to realize 
^encryption/decryption of the data transport; for the 
^terminal station this box is preferably realized in the 
§form of a smart card which acts as an operator 
identification element. A customer can identify him- 
U9self by means of a user identification element, for 
^example a magstripe card or a further smart card. 
The encryption mechanism is preferably DES. 
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Transaction system comprising one or more host exchanges and a number of distributed terminal 
stations which can be coupled to any host exchange via a networic system, concentrator and terminal 
station suitable for use in such a transaction system, and operator identification element for use in 

such a terminal station. 



BACKGROUND OF THE INVENTION 

A transaction system, comprising a first num- 
ber of distributed terminal stations, each terminal 
station comprising a first presentation location for 
receiving a portable user identification element and 
also bidirectional communication elements which 
enable physical communication with a user and 
which can receive, subject to a user identification 
being talcen up and verification thereof in the trans- 
action system, a user transaction request, wherein 
respective subsets of the terminal stations are each 
connected to a concentrator, various concentrators 
being interconnected by means of a network to one 
or more host exchanges, wherein each concentra- 
tor has protocol means for executing protocoiled 
data transports with at least one host exchange and 
has cryptography means for exchanging said user 
transaction request and request granting informa- 
tion said at least one host exchange under execu- 
tion of cryptographic operations on said data. 
There are generally two types of transactions of 
this kind. According to the first type, the user 
receives an amount of money (usually bank notes) 
upon his request, which amount is charged against 
his his account at a relevant host exchange. Ac- 
cording to the second type, the user receives a 
service or product which is worth a given amount 
of money, which is charged against his account 
The transaction is also possible in the other direc- 
tion, so that the amount is credited to the account. 
However, the invention is by no means restricted 
by the nature of the transaction and in principle 
other types of transaction are also feasible, even 
transactions which are not expressed in money 
because they concern only the transport, for exam- 
ple the output, of information which may take place 
to an authorized user only. 

In order to activate the transaction, a user 
presents a portable user identification element 
(smart card, magstripe card or the like) to the 
terminal station and identifies himself by means of, 
for example a so-called PIN code. A terminal sta- 
tion then comprises means for executing a physical 
bidirectional communication, such as a keyboard 
and a display element (and/or a printer) and, if 
necessary, a delivery mechanism for the bank 
notes. The user identification element then contains 
identification information. The identity of the user is 
subsequently verified in that the user enters, for 
example a PIN code. After verification, the user can 



enter a transaction request. Alternatively this re- 
quest may also be presented, for example, ver- 
bally. In that case there Is provided, for example a 
voice recognition mechanism. There may be output 

5 in the form of speech. The communication between 
the terminal station and the host exchange must be 
encrypted by means of an encryption mechanism 
In one form or another. The protocols and proce- 
dures for the data transports to the various host 

10 exchanges usually differ (these host exchanges 
may be, for example different banks, or giro bank 
centres) and the facilities required in a terminal 
station for the above make the terminal station 
expensive; this is because a given amount of intel- 

75 llgence must be provided also for functions such as 
the checking and monitoring of the status of the 
network. 



20 SUMMARY OF THE INVENTION 

A system according to the preamble is known 
from EP application 68805, corresponding US ap- 
plication 278001, herein incorporated by reference. 

25 Here, the terminal station has encryption means 
permanently provided, that could be accessed by 
fraudulent persons, it would be expensive to make 
the terminal station tamper proof there against. 
Among other things, it is an object of the invention 

30 to simplify the terminal station so that only a limit- 
ed number of communication facilities need be 
provided therein, such as a simple display element 
(a few alpha-numerical positions suffice in most 
cases), a keyboard, and a read element for a user 

35 identification element, there also being provided 
facilities for introducing/removing a simply con- 
structed encryption/decryption element for the 
communication so that a terminal station is auto- 
matically protected against abuse when It is not in 

40 operation. 

This object is achieved by a transaction sys- 
tem in accordance with the invention in that ac- 
cording to one of its aspects it is characterized in 
that, a terminal station, physically apart from said 

45 first presentation location comprises a second pre- 
sentation location for receiving a portable operator 
identification element in order to execute data pro- 
cessing operations therein for communication with 
the associated concentrator by 

50 encryption/decryption, using data processing ele- 
ments present in the operator identification ele- 
ment, on the basis of a key information for a so- 
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called public algorithm present in the operator 
identification element 

The customer-oriented realization of the sys- 
tem is effected by the number of terminal stations. 
As a result of the invention, the terminal stations 
may be cheaper: the various protocols need now 
be implemented only in the concentrators. More- 
over, the number of concentrators is smaller than 
the number of terminal stations, so that the network 
system can be simplified In many cases. Now 
there are often two cryptographic levels. At the 
level of the net\vori< system, a high reliability is 
required, however, this reliability is achieved by 
means of the already complex concentrators. Be- 
tween the concentrators and the groups of terminal 
stations (typically 8-128) there is only required sim- 
pler cryptography which is realized in a so-called 
security box. This security box is now formed by 
the operator identification element. Without this op- 
erator identification element, a temninal station is 
completely unusable, so that the security is in- 
creased; this means that, for example, after busi- 
ness hours the terminal station may remain unat- 
tended, without unauthorized transactions being 
possible. 

In itself, terminals for use with two different 
card categories have become known from EP ap- 
plication 193,920, corresponding JP application 
4338685 priority March 5, 1985 but there the oper- 
ator card is inserted in the same slit as the user 
card, so the secret information is normally present 
In the terminal itself, and may thus be accessed, as 
long as the power is not cut down. Moreover, the 
data processing elements of the IC-card are no 
more locally available during normal use. 



FURTHER ASPECTS OF THE PRESENT INVEN- 
TION 

According to another aspect, the operator iden- 
tification element can be used for clerical purposes 
in that various operators each have their own in- 
dividualized operator identification element: each 
salesman can, for example, sum his own turn-over 
or the system can sum the turn-over separately for 
ail salesmen. In a further elaborated system, sev- 
eral levels of operator identification elements may 
be provided. For example, the lowest level is then 
reserved forthe sales persons as described above. 
The next-higher level is then reserved for the own- 
er of a shop employing several sates persons, 
which owner can sum the turn-over for all sales 
persons, separately, for all sales persons together, 
and possbily also for each product group. Further 
levels can be created in a similar manner. 

The invention also relates to a concentrator for 
use in such a transaction system. Such concentra- 



tors will usually serve a locally organized group of 
terminal stations, for example as present in a large 
department store. The invention also relates to a 
terminal station for use in such a transaction sys- 

5 tem. Because of their low cost, such terminal sta- 
tions can be comparatively widely used. The inven- 
tion also relates to an operator identification ele- 
ment for use in conjunction with such a terminal 
station. The operator identification element can be 

70 formed notably as a so-called smart card. Further 
aspects of the invention are described in the de- 
pendent Claims. 



75 BRIEF DESCRIPTION OF THE FIGURES 

The invention will be described in detail 
hereinafter with reference to some Figures. 

Fig. 1 is a general representation a transac- 
20 tion system in accordance with the Invention. 

Fig. 2 shows a simplified diagram of a termi- 
nal station. 



25 GENERAL SYSTEM DESCRIPTION 

Hg. 1 is a general representation of a transac- 
tion system in accordance with the invention. The 
present embodiment involves three host exchanges 

30 22, 24, 26. These exchanges are, for example a 
giro bank centre, a bank giro centre and a clerical 
control system. The latter system controls and ad- 
ministrates, for example the output of the terminal 
station, key information and the like; however, this 

35 will not be elaborated in the context of the present 
invention. Block 20 represents a compensation ad- 
ministration or clearing system which has only 
banking-technical implications and which will not be 
elaborated herein. The above exchanges are inter- 

40 connected by means of a network 21. Via one or 
more networks (not shown) in the block 34 the 
exchanges 22, 24, 26 are connected to the con- 
centrators 36, 38. 40. The transport via these net- 
works is realized with encryption before and de- 

45 cryption after a transport. Encryption for a transport 
in the direction of the host exchange (exchanges) 
can be executed, if desired as an encryption sup- 
plementary to an encryption performed during a 
previous stage, and decryption for a transport from 

50 the host exchanges can be executed partly as a 
decryption preceding a further decryption to be 
performed at a later stage. On the other hand, the 
various encryptions/decryptions can also be per- 
formed fully independently. 

55 Decryption requires secret key information. 

Many encryption/decryption algorithms are known 
per so. if desired, a second secret key may be 
used for encryption (the two keys should then be 
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complementary). A further aspect of the security 
may be the use of a secret algorithm. Further 
aspects at another level may be the periodic 
Changing of the key (or from one transaction to 
another), and the segmenting of the algorithm. In 
order to maintain the secret nature of the encryp- 
tion, this operation (and also decryption) is per- 
formed in a "security box" which is present at all 
stations/exchanges mentioned thus far: 36, 38, 40, 
22, 24. 26. Therein there is also provided the 
information of keys to be locally used, and possible 
also algorithms, in such a manner they cannot be 
accessed outside the relevant security box, despite 
any, evidently unauthorized attempts. Such a fa- 
cility is called tamper proof. In may cases elec- 
tronic screens are provided which indicate me- 
chanical tampering and which can Initiate a com- 
plete or partial erase operation for secret informa- 
tion in response thereto. Inside the casing there 
may also be taken further steps which are known 
per se. 

Each of the concentrators 36. 38, 40 is con- 
nected to three terminal stations: 48 ... 64; the 
concentrators are diagrammatical ly represented by 
a single block, and the three terminal stations are 
shown more specifically. &ch of tlie three terminal 
stations can communicate with two kinds of iden- 
tification element, that is to say the user identifica- 
tion elements 66, 68. 70 and the operator iden- 
tification elements 72. 74, 76. In a simple system 
the user identification elements are formed, for 
example by banker's cards provided with a mag- 
netic strip on which data can be stored. Such a 
magstripe cards are In general use and will not be 
elaborated for the sake of brevity. They can be 
provided with additional security mechanisms. To 
this end. for example the information on the card 
can be coupled to a unique physical card char- 
acteristic. Ther terminal station comprises a slot for 
entering such a card, which slot accommodates a 
reader for the magnetic strip. In principle each 
customer may have one (or more) own user iden- 
tification elements. In a more advanced system, the 
user identification element is formed by a so-called 
smart card on which there are provided a micropro- 
cessor, a read-only memory and a random access 
memory. The degree of security is then higher. 
Other cards can also be used, for example optically 
readable cards and hybrid cards (for example a 
card comprising a microprocessor and a memory 
as well as a magnetic strip). 

There is also provided an operator identifica- 
tion element 72, 74. 76. This element can be 
presented to the terminal station in a suitable man- 
ner, for example also via an appropriate slot in the 
terminal station. The operator identification element 
has two functions. Rrst of all. it can identify an 
operator (or an authorized person of the relevant 



organization) vis-a-vis the terminal station and 
hence vis-a-vis the system. Secondly, this element 
acts as a security box In the cryptographic or- 
ganization between the terminal station and the 

5 concentrator. When the operator identification ele- 
ment is prematurely removed, the cryptographic 
mechanism between the relevant terminal station 
and the concentrator is disabled and hence also 
the communication. The operator Identification eie- 

10 ment thus also has the function of a key. The 
respective procedures will be described 
hereinafter. 

In an envisaged system the idea is to use from 
3 to 4 networks, each having its own network 

75 protocols and possible different security mecha- 
nisms, with 400 to 600 concentrators, each for a 
number of from 32 to at the most 128 terminal 
stations, so a total number of from 10.000 to 
20.000 terminal stations. For communication there 

20 are provided standardized protocols and electrical 
connections such X.25. V24/RS232, I.S.0.1745A - 
and so on. For protection during authentification of 
messages there also exists a generally accepted 
standard, i.e. ANSI 9.9. The system may be small- 

25 er so that it comprises, for example only one host 
exchange and from some tens to some hundreds 
of terminal stations. It may also be larger with tens 
of host exchanges and several 10^ terminal sta- 
tions. Alternatively, further concentrators may be 

30 provided at a higher level. 

GENERAL DESCRIPTION OF THE OPERATION. 
OF THE SYSTEM 

35 

The system has three operational stages: 

1. authentificatlon/initialization between host 
exchange and concentrator. This stage is char- 
acterized by: 

40 a. authentification between host exchange 

and concentrator upon initialization and possibly 
during the subsequent operational period. The ob- 
ject is to ensure that the concentrator forms part of 
the authorized system. 

45 b. exchange of keys for the encryption 

between concentrator and host exchange, the 
whole procedure being protected by a master key. 
The master key may be present on a further smart 
card; this enables flexible key management. For 

50 the key management, for example the R.S.A. 
mechanism can be used. 

c. exchange of a black list containing in- 
validated identification elements; it may also con- 
cern a list with permitted operator identification 

56 elements. (For example, in the case of a concentra- 
tor which is suitable for 64 terminal stations (each 
of which is usually coupled via a separate line) and 
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six permissible operator identification elennents per 
terminal station, this list is a table comprising 6 x 
64 = 384 permissible cards per concentrator). 

2. Authentification/initialization between con- 
centrator and terminal station. This stage is char- 
acterized by: 

a. authentification between terminal station 
and concentrator at the instant at which the 
retailer/cashier commences the starting and initial- 
ization of the money transfer machine (for example, 
an electronic cash register) for a limited period of 
time which amounts to at the most, for example 10 
hours. 

b. exchange of the period key between 
concentrator and terminal station: the master key 
controlling this operation is present in the operator 
identification element (there may be several of 
such elements). 

c. despatch of result of check as regards 
terminal station and as regards cashier to host 
exchange. 

d. checking out the payment period, with 
delivery of final check data by host exchange. 

3. Authentification/transaction between termi- 
nal station/customer/user identification element, to 
be referred to hereinafter as magnet card. This 
stage is characterized by: 

a, authentification/PIN verification of the 
customer by means of his magnet card via a route 
through or in the concentrator.. 

b. execution of the order for payment 
The sequence of the operations in the case of 

electronic payment is as follows. It is assumed that 
all components are operational and that no errors 
occur. 



Check-in/initialization phase: 

a. The power supply for the terminal station 
and the electronic cash register (ECR) is switched 
on. 

2. The operator identification element (SC) Is 
inserted into the terminal station. 

3. Using the check-in command (a button), 
the cashier checks in into the terminal station (can 
also take place automatically at the instant at which 
the operator identification element (SC) is inserted 
Into the terminal station). 

4. The terminal station transmits a unique 
check-in message associated with the relevant op- 
erator identification element (SC) to the concentra- 
tor. 

5. The concentrator returns a value deter- 
mined at random. 

6. Using the data encryption standard al- 
gorithm, or DES algorithm, and the master key of 
the operator identification element, this value is 



encrypted and the result is subsequently des- 
patched to the concentrator. The DES algorithm is 
described in Federal Information Processing Stan- 
dards "Data Encryption Standards". Publications 
5 46. January 15, 1977. US Department of Com- 
merce Springfield. Virginia. 22161. The RSA al- 
gorith. is another possibility. 

7. Because the concentrator knows which 
user identification element has started the relevant 

70 session, ttie message can be decrypted and veri- 
fied after reception. 

8. Subsequently, the concentrator des- 
patches, using the known or an associated master 
key, a session key thus encrypted to the terminal 

75 station (calculation of session key by means of 
random value is an alternative). 

9. The terminal station is then ready to ex- 
ecute an electronic payment instruction and in- 
forms the host exchange that it is ready, by means 

20 of a message via the concentrator, including a 
statement of the unique cashier number for this 
session. 



25 Payment phase: 

1. Via a function key on the electronic cash 
register (ECR). the cashier enables the money 
transfer machine (the terminal station) after the 

30 customer has indicated that he wishes to pay elec- 
tronically. 

2. The cashier transfers the total amount to 
be paid, simultaneously with the instruction 
"electronic payment" (the function key), to the ter- 

35 minal station. 

3. A display element of the terminal station 
displays the total amount and the instruction to 
insert the user identification element. 

4. The customer inserts the user identifica- 
40 tion element into or through the reader. 

5. Via the display element the terminal sta- 
tion requests the PIN code. 

6. The customer enters the PIN code. 

7. The terminal station despatches the mes- 
45 sage containing the data recorded on the magnetic 

card (MGK data) and tiie encrypted PIN code, the 
message being provided with a MAC (message 
authentification code according to tiie ANSI 9.9 
standard) to the concentrator or host exchange, 

50 depending on how and where the PiN verification 
and the processing of the MGK data must take 
place; this is determined inter alia by the instruc- 
tions of tiie banking organization etc. managing the 
relevant host exchange. 

55 8. After approval of the PIN code, an instruc- 

tion Is returned with tiie question whether the cus- 
tomer (user) agrees with payment of the total 
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amount displayed on the display element: the latter 
element displays, for example the question: 
agreed?. 

9. After the customer has pressed the 
agreed button, the sales slip is printed (standard 
data, for example name of company, date have 
already been printed) after a preceding payment 
session, so that the delay due to printing is mini- 
mum. 

10. The agreed command is despatched to 
the host exchange. 

1 1 . After confirmation of reception the termi- 
nal station releases the ECR again for a next elec- 
tronic payment 

Check out phase: 

1 . The cashier indicates that his session is to 
be terminated by pressing the check in/out function 
key. 

2. The terminal station despatches a check 
out command to the concentrator and the host 
exchange. 

3. The host exchange sends the sum of the 
payments made during the relevant session to the 
terminal station where it is printed, together with 
relevant administrative data. (This sum is possibly 
verified vis-a-vis a total amount stored in the termi- 
nal station.) 

4. The concentrator re-initiailzes itself In 
preparation of a new session and requests an oper- 
ator identification element, be it that this takes 
place only when the power supply voltage for the 
terminal station remains switched on; otherwise it 
awaits a check-in message from the terminal sta- 
tion. 

DESCRIPTION OF A TERMINAL STATION 

Fig. 2 shows a simplified diagram of a terminal 
station. The housing 100 comprises a number of 
input/output devices/interfaces for communication 
with a user at the right-hand side. Element 102 is a 
slot for presenting a pay card (user identification 
element) provided with a magnetic strip. There is 
provided a read element for the digital data present 
in the magnetic strip, drive rollers 106 for the card, 
a motor 108 for the drive rollers, a keyboard com- 
prising, for example sixteen keys for entering deci- 
mal digits, approval and reject signals and possibly 
other signals, and a display element 112 for al- 
phanumerical text. Element 114 is a microswitch 
for forming a stop command for the motor 108 
when the card has been completely inserted. The 
elements 108, 104. 110, 112 are connected to the 
local processor 116. The reference numeral 118 



denotes a slot for a smart card (operator identifica- 
tion element) and the reference numeral 120 de- 
notes a microswitch or optical detector for detect- 
ing the presence of the fully positioned card- The 

5 element 120 and a line 122 for communication with 
the smart card are also connected to the processor 
116. There are also shown an electronic cash reg- 
ister (being specific for the above application) 124 
and a line for connection to the concentrator. There 

w are also provided (not shown) a connection for a 
printer, a spare connection with RS232 interface 
and some status indicators concerning status tests. 
If desired, the slot 118 may be situated behind a 
door or be semi-hidden in another way. The elec- 

75 tronic cash register will not be described for the 
sake of brevity. 

THE OPERATOR IDENTIFICATION ELEMENT 

20 

The operator identification element acts as a 
security box for the terminal station in order to 
perform the relevant encryption/decryption oper- 
ations. It also acts as an identification element for 

25 an operator (cashier, salesman, and the like). Out- 
side business hours the terminal station can thus 
be deactivated by removal of the operator iden- 
tification element. The operator identification ele- 
ment may be formatted as a box having, for exam- 

30 pie the dimensions of a pocket calculator (for ex- 
ample, length 10-20 cm, width 2-10 cm, thickness 
1-10 mm). It includes a microprocessor, a memory 
and I/O components. There is provided a protection . 
mechanism, for example as previously described 

35 for a security box. Notably the key and the oper- 
ator identification information may not become 
available to the environment. Furthermore, the box 
may comprise a display element, a keyboard, cal- 
culation functions and so on. 

40 Alternatively, the operator identification element 

complies with the electronic payment card standard 
which has actually been proposed as a user iden- 
tification element. The standard concerns the di- 
mensions, the electronic interfaces and the like. 

45 Such a payment card with built-in DES algorithm is 
described in the previous, non published French 
Patent Application 8703083 (870306) PHF 87.514) 
in the name of Applicant which is incorporated 
herein by way of reference. The special use of the 

50 operator identification element, however, is not de- 
scribed therein. In such a card notably the micro- 
processor and the storage for secret information 
are integrated in a single integrated circuit, so that 
the tapping of bond pads and the like does not 
55 give access to this secret information. 

The presentation position for the operator iden- 
tification element is adapted to the dimensions of 
the latter element An operator identification eie- 
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ment does not offer advantages to a fraudulent 
customer per se. because its own authentification 
must still take place at least partially in the con- 
centrator by means of a correct user identification 
element. This holds good even if such a customer 
possesses the code for identifying himself as a 
cashier. Abuse is of course possible, but this does 
not concern the undue recording of payments: this 
operation always requires a (stolen) user identifica- 
tion element with associated PIN code. In that case 
the normal route via the cashier can be used. 



Claims 

1. A transaction system, comprising a first 
number of distributed terminal stations, each termi- 
nal station comprising a first presentation location 
for receiving a portable user identification element 
and also bidirectional communication elements 
which enable physical communication with a user 
and which can receive, subject to a user identifica- 
tion being taken up and verification thereof in the 
transaction system, a user transaction request, 
wherein respective subsets of the terminal stations 
are each connected to a concentrator, various con- 
centrators being interconnected by means of a 
network to one or more host exchanges, wherein 
each concentrator has protocol means for execut- 
ing protocolled data transports with at least one 
host exchange and has cryptography means for 
exchanging said user transaction request and re- 
quest granting information said at least one host 
exchange under execution of cryptographic oper- 
ations on said data, characterized in that a terminal 
station, physically apart from said first presentation 
location comprises a second presentation location 
for receiving a portable operator identification ele- 
ment in order to execute data processing oper- 
ations therein for communication with the asso- 
ciated concentrator by encryption/decryption, using 
data processing elements present in the operator 
identification element, on the basis of a key in- 
formation for a so-called public algorithm present in 
the operator identification element 

2. A transaction system as claimed in Claim 1 , 
characterized in that there is provided a bookkeep- 
ing mechanism for the bookkeeping, under the 
control of individualized data present in the oper- 
ator identification element, of transactions coupled 
thereto. 

3. A transaction system as claimed in Claim 1 
or 2, characterized in that the operator identification 
elements are provided in at least two levels in 
order to output, under the control of a verification of 
a respective bearer identity of a higher level, com- 



paratively general Information, and ditto of a lower 
level, specific information which forms part of the 
general information. 

4. A concentrator suitable for use in a transac- 
5 tion system as claimed in Claim 1. 2 or 3, char- 
acterized in that it comprises a first connection for 
communicating with any host exchange via a net- 
work, a second connection for a sub-set of a plural- 
ity of terminal stations, and means for connecting a 

10 local security box in order to execute a public key 
algorithm therein for the at least partial 
encryption/decryption as part of a verification pro- 
cedure for operator identification information or 
used identification information presented to a termi- 

/5 nal station, after the latter information has already 
been encrypted in the relevant terminal station. 

5. A terminal station suitable for use in a trans- 
action system as claimed in Claim 1, 2 or 3, or as 
an element in a sub-set as claimed in Claim 4, 

20 characterized in that it comprises a first presenta* 
tion location for a user identification element and a 
second presentation location for the removable pre- 
sentation of an operator identification element 
which acts, by way of data processing elements 

26 contained therein, as a security box for the execu- 
tion of encryption/decryption operations. 

6. A terminal station as claimed in Claim 5. 
characterized in that it can be activated subject to 
the condition of presentation of an operator iden- 

30 tification element, there being provided a de-activa- 
tion mechanism in order to de-activate the station 
when said operator identification element is re- 
moved. 

7. An operator identification for use in a system 
35 as claimed in Claim 1. 2 or 3 or with a concentrator 

as claimed in Claim 4, or for use in combination 
with a tenninal station as claimed in Claim 6 or 7. 
characterized in that it comprises data processing 
means for executing encryption/decryption oper- 

40 ations according to a public algorithm, and in that it 
comprises protected storage of a relevant key and 
communication means for bidirectional communica- 
tion with a terminal station in order to act as a 
security box therein. 

45 8. An operator identification element as 

claimed in Claim 7, characterized in that it is for- 
matted as a smart card in which said storage with 
the appropriate data processing means are accom- 
modated in a single integrated circuit. 
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